It's Cool to Hate Security Vendors
In security, it’s trendy to dunk on vendors and romanticize building in-house. But in most enterprises, buying the boring, supported tool isn’t selling out, it's the smart choice.
GRC in Practice
Learn how to get engineering teams to listen, make executives care about your recommendations, and build influence that goes beyond compliance theater. For pros who want to drive decisions.
The Future of GRC in the AI-Hype World
How AI will change our practices, for best (mostly) and for worse (a bit). Start embracing AI to automate the bureaucratic parts of GRC to focus on our human plus value.
Security Questionnaires Aren't Making Anyone Safer
Security questionnaires are a soul-crushing bureaucratic charade that wastes everyone's time, kills business momentum, and miraculously manages to make security worse in the process.
Beyond Compliance
The ultimate rant against compliance theatre and checkmarkism.
Security Needs Data: Insights From the Data Breach Investigation Report
Reviewing the Data Breach Investigation Report for a source of credible data about the real cyber threats we must worry about.